package web.war.identitystorehandler;

import java.lang.annotation.Annotation;
import java.security.AccessController;
import java.security.PrivilegedAction;
import java.util.Comparator;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import java.util.logging.Logger;
import javax.enterprise.context.ApplicationScoped;
import javax.enterprise.inject.Default;
import javax.enterprise.inject.Instance;
import javax.enterprise.inject.spi.CDI;
import javax.security.enterprise.credential.Credential;
import javax.security.enterprise.identitystore.CredentialValidationResult;
import javax.security.enterprise.identitystore.IdentityStore;
import javax.security.enterprise.identitystore.IdentityStoreHandler;

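/**
 * Application-supplied {@link IdentityStoreHandler} that replaces the container default.
 *
 * <p>It discovers every {@link IdentityStore} bean through CDI, orders them by
 * {@link IdentityStore#priority()}, asks the validating stores to check the credential and
 * then collects the caller's groups.
 *
 * <p>NOTE(review): every step is logged at INFO, including the caller principal, caller DN,
 * unique id and group memberships. The levels and messages are left unchanged here because
 * something outside this file may read them (not verifiable from this class). In a production
 * deployment, identity attributes are better logged at a debug level or not at all.
 */
@Default
@ApplicationScoped
public class CustomIdentityStoreHandler implements IdentityStoreHandler {
    private final Logger logger = Logger.getLogger(sourceClass);
    protected static String sourceClass = CustomIdentityStoreHandler.class.getName();

    /**
     * Orders identity stores by ascending priority value.
     *
     * <p>Two distinct stores never compare as 0, even with the same priority, so a
     * {@link TreeSet} built with this comparator keeps both of them. The price is that the
     * comparator is not symmetric for equal priorities (both directions return 1), so the
     * relative order of such stores is not defined.
     */
    private static final Comparator<IdentityStore> priorityComparator = new Comparator<IdentityStore>() {
        @Override
        public int compare(IdentityStore left, IdentityStore right) {
            if (left.equals(right)) {
                return 0;
            }
            return left.priority() < right.priority() ? -1 : 1;
        }
    };

    /** Creates the handler and logs that the custom implementation is active. */
    public CustomIdentityStoreHandler() {
        this.logger.info("CustomIdentityStoreHandler is being used.");
    }

    /**
     * Validates the credential against all identity stores known to CDI.
     *
     * <p>This is the {@link IdentityStoreHandler} entry point.
     *
     * <p>NOTE(review): the entering/exiting trace passes the credential and the result objects
     * to the logger; what ends up in the log depends on their {@code toString()}.
     *
     * @param credential the credential presented by the caller
     * @return the outcome produced by {@link #validate(Set, Credential)}
     */
    public CredentialValidationResult validate(Credential credential) {
        this.logger.entering(sourceClass, "validate", credential);
        CredentialValidationResult outcome = validate(getIdentityStores(), credential);
        this.logger.exiting(sourceClass, "validate", outcome);
        return outcome;
    }

    /**
     * Validates the credential against the given stores in iteration order.
     *
     * <p>Only stores that declare {@code VALIDATE} are consulted. Iteration stops at the first
     * store that returns {@code VALID}, which is the behaviour the Java EE Security API
     * describes for an identity store handler. Without that stop, a later store would replace
     * an earlier {@code VALID} result, and the "validating store provides groups" flag could be
     * left over from a different store than the one whose result is returned, so groups would
     * be taken from a store that never declared {@code PROVIDE_GROUPS}.
     *
     * @param set the identity stores to consult, expected in priority order
     * @param credential the credential presented by the caller
     * @return a {@code VALID} result carrying the merged groups; otherwise the first
     *     {@code INVALID} result; otherwise {@code NOT_VALIDATED_RESULT} when no store declares
     *     {@code VALIDATE}; otherwise the last result a store returned
     */
    public CredentialValidationResult validate(Set<IdentityStore> set, Credential credential) {
        CredentialValidationResult firstInvalid = null;
        CredentialValidationResult lastResult = CredentialValidationResult.NOT_VALIDATED_RESULT;
        boolean validatingStoreProvidesGroups = false;
        boolean anyStoreValidated = false;

        for (IdentityStore store : set) {
            if (!store.validationTypes().contains(IdentityStore.ValidationType.VALIDATE)) {
                continue;
            }
            anyStoreValidated = true;
            lastResult = store.validate(credential);
            this.logger.info("validation status : " + lastResult.getStatus() + ", identityStore : " + store);
            if (lastResult.getStatus() == CredentialValidationResult.Status.VALID) {
                // The flag must describe the store whose result is actually returned.
                validatingStoreProvidesGroups =
                        store.validationTypes().contains(IdentityStore.ValidationType.PROVIDE_GROUPS);
                // First VALID wins: lower-priority stores must not override or extend it.
                break;
            }
            if (lastResult.getStatus() == CredentialValidationResult.Status.INVALID && firstInvalid == null) {
                firstInvalid = lastResult;
            }
        }

        if (lastResult.getStatus() == CredentialValidationResult.Status.VALID) {
            Set<String> groups = getGroups(set, lastResult, validatingStoreProvidesGroups);
            this.logger.info("IdentityStore ID : " + lastResult.getIdentityStoreId() + ", CallerPrincipal : " + (lastResult.getCallerPrincipal() != null ? lastResult.getCallerPrincipal().getName() : "null") + ", CallerDN : " + lastResult.getCallerDn() + ", CallerUniqueId : " + lastResult.getCallerUniqueId() + ", Groups : " + groups);
            // Rebuild the result so it carries the merged group set instead of the store's own.
            return new CredentialValidationResult(lastResult.getIdentityStoreId(), lastResult.getCallerPrincipal(), lastResult.getCallerDn(), lastResult.getCallerUniqueId(), groups);
        }
        if (firstInvalid != null) {
            // An explicit rejection takes precedence over NOT_VALIDATED answers.
            return firstInvalid;
        }
        if (!anyStoreValidated) {
            return CredentialValidationResult.NOT_VALIDATED_RESULT;
        }
        return lastResult;
    }

    /**
     * Collects the caller's groups for an already validated result.
     *
     * <p>Groups carried by the validation result are used only when {@code z} is true. On top
     * of that, every store that declares {@code PROVIDE_GROUPS} without {@code VALIDATE} is
     * asked for the caller's groups. Stores that declare both are skipped here.
     *
     * @param set all identity stores known to the handler
     * @param credentialValidationResult the successful validation result
     * @param z whether the store that validated the caller also declares {@code PROVIDE_GROUPS}
     * @return a new mutable set holding the union of the collected groups, possibly empty
     */
    protected Set<String> getGroups(Set<IdentityStore> set, CredentialValidationResult credentialValidationResult, boolean z) {
        Set<String> merged = new HashSet<>();
        if (z) {
            Set<String> fromValidator = credentialValidationResult.getCallerGroups();
            if (fromValidator != null && !fromValidator.isEmpty()) {
                merged.addAll(fromValidator);
            }
        }
        for (IdentityStore store : set) {
            Set<IdentityStore.ValidationType> types = store.validationTypes();
            if (types == null) {
                continue;
            }
            boolean providesGroups = types.contains(IdentityStore.ValidationType.PROVIDE_GROUPS);
            boolean validates = types.contains(IdentityStore.ValidationType.VALIDATE);
            this.logger.info("IdentityStore : " + store + ", PROVIDE_GROUPS : " + providesGroups + ", VALIDATE : " + validates);
            if (providesGroups && !validates) {
                Set<String> extra = getGroups(store, credentialValidationResult);
                this.logger.info("IdentityStore : " + store + ", groups : " + extra);
                if (extra != null && !extra.isEmpty()) {
                    merged.addAll(extra);
                }
            }
        }
        return merged;
    }

    /**
     * Asks a single store for the caller's groups inside a privileged block.
     *
     * <p>With {@code doPrivileged} the call is made with this class's own permissions rather
     * than those of the whole call stack. Presumably this is so the lookup succeeds when a
     * security manager is active; confirm against the deployment's policy.
     *
     * @param identityStore the store to query
     * @param credentialValidationResult the successful validation result identifying the caller
     * @return whatever the store returns, which may be {@code null}
     */
    private Set<String> getGroups(final IdentityStore identityStore, final CredentialValidationResult credentialValidationResult) {
        return AccessController.doPrivileged(new PrivilegedAction<Set<String>>() {
            @Override
            public Set<String> run() {
                return identityStore.getCallerGroups(credentialValidationResult);
            }
        });
    }

    /**
     * Returns the current CDI container.
     *
     * @return {@code CDI.current()}
     */
    protected CDI<Object> getCDI() {
        return CDI.current();
    }

    /**
     * Builds the priority-ordered set of identity stores available through CDI.
     *
     * @return a new sorted set, rebuilt on every call
     */
    protected Set<IdentityStore> getIdentityStores() {
        Set<IdentityStore> ordered = new TreeSet<>(priorityComparator);
        scanIdentityStores(ordered);
        return ordered;
    }

    /**
     * Adds every {@link IdentityStore} bean found through CDI to the given set and logs each one.
     *
     * @param set the collection that receives the discovered stores
     */
    protected void scanIdentityStores(Set<IdentityStore> set) {
        Instance<IdentityStore> discovered = getCDI().select(IdentityStore.class, new Annotation[0]);
        if (discovered != null) {
            for (IdentityStore store : discovered) {
                this.logger.info("IdentityStore from the CDI: " + store + ", validationTypes : " + store.validationTypes() + ", priority : " + store.priority());
                set.add(store);
            }
        }
        this.logger.info("Number of identityStore : " + set.size());
    }
}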
